News & Commentary

Content posted in March 2012
Global Payment Systems Compromised In 'Massive' Breach
Quick Hits  |  3/31/2012  | 
Vulnerable records at Visa, MasterCard could be in the millions due to unauthorized access
IT's Hottest 'Necessary Evil'
News  |  3/30/2012  | 
While IT security pros may still find themselves defending their roles, they're also in a good spot when it comes to compensation, with a median base salary bump for staffs up a tidy $7,000 this year, according to the new InformationWeek 2012 U.S. IT Salary Survey: Security.
Forensic Approach To Mobile App Vulnerability Research
Commentary  |  3/30/2012  | 
Intro to a unique approach for vulnerability research on mobile apps using traditional PC forensic tools
Lesson From Pwn2Own: Focus On Exploitability
News  |  3/29/2012  | 
Talented programmers can create attack code quickly, suggesting that firms need to focus on patching easily exploitable -- not just exploited -- flaws
Google Big Tent: Regulation Vs. Personal Responsibility
Commentary  |  3/29/2012  | 
Society should embrace the touch-the-stove approach when it comes to online common sense, explains 14-year-old Adora Svitak, author of no less than three books and advocate of techno-youth empowerment, at a Google event on Web regulation.
It's (Already) Baaack: Kelihos Botnet Rebounds With New Variant
News  |  3/29/2012  | 
Botnet hunters debate whether Kelihos/Hlux operators can reclaim rescued bots
How To Choose Endpoint Protection
News  |  3/29/2012  | 
Don't fret about malware detection. Focus on user interactions, performance, and management.
Congress Proposes FISMA Overhaul
News  |  3/29/2012  | 
Amendments would update the 2002 law for today's federal IT environment, transfer cybersecurity oversight from Homeland Security to OMB.
YouTube Tool Blurs Faces To Protect Privacy
News  |  3/29/2012  | 
YouTube plans to give video makers an easy way to blur faces to protect the privacy of people who don't want to appear in online videos.
Will New FTC Privacy Recommendations Challenge E-Commerce?
News  |  3/29/2012  | 
FTC privacy proposal has been both lauded and criticized, but also triggered talk on the impact on retailers, nonprofits, and online advertisers.
China Hacked RSA, U.S. Official Says
Quick Hits  |  3/29/2012  | 
And RSA official responds to Gen. Keith Alexander's telling Congress this week that Chinese attackers were behind the SecurID breach last year
Someone Left The Keys In Your Compliance System
Commentary  |  3/29/2012  | 
Information security is at the mercy of your entire staff's habits
Security Pros Worry Most About Mobile Threats, But Most Have No Way To Detect Them
Quick Hits  |  3/29/2012  | 
Many enterprises have no good way to identify mobile vulnerabilities, Tenable report says
Cybercrime's Love Affair With Havij Spells SQL Injection Trouble
News  |  3/28/2012  | 
Automated SQL injection attack tool makes database extraction as easy as a button click for cybercriminals
Will New FTC Privacy Recommendations Challenge E-Commerce?
News  |  3/28/2012  | 
Privacy recommendations from the FTC have been both lauded and criticized, but also triggered talk on the impact of changing attitudes toward privacy
Deja Vu: Reincarnated Botnet Struck Down
News  |  3/28/2012  | 
Researchers at Kaspersky Lab, CrowdStrike, and Dell SecureWorks intercept bots from infamous spamming botnet -- but this time without the help of Microsoft and its legal team
A Single 'Pain' Of Glass?
Commentary  |  3/27/2012  | 
Is the often-pitched 'single pane of glass' a benefit to security monitoring tools or yet another point of contention?
Malware To Increasingly Abuse DNS?
News  |  3/27/2012  | 
Many companies do not scrutinize their domain-name service traffic, leaving an opening for malware to communicate using the protocol
Risk And Regulatory Overload
Quick Hits  |  3/27/2012  | 
New study finds organizations worried about risk and compliance, but struggling to manage it all
Data Breach Lawsuits Less Likely In Hacks
News  |  3/27/2012  | 
Individuals whose personal data is exposed in a data breach more likely to sue if the victim organization mishandled their data, researchers find
NSA Chief: China Behind RSA Attacks
News  |  3/27/2012  | 
Chinese steal a "great deal" of military-related intellectual property, and were responsible for last year's attacks on cybersecurity company RSA, Gen. Keith Alexander tells Senators.
Zetta Launches SMB Cloud Storage Platform
News  |  3/27/2012  | 
DataProtect 3.0 handles data protection, archiving, and disaster recovery in small and midsized businesses.
Apple Rejects Apps Over Privacy Concerns
News  |  3/27/2012  | 
Escalating crackdown begins on apps that use UDID numbers to try and identify unique devices.
LulzSec Reborn Claims Military Dating Site Hack
News  |  3/27/2012  | 
Hacktivists exposed details of 170,000 people on militarysingles.com, as the LulzSec reboot appears to be gaining steam.
Command Injection Attacks, Automated Password Guessing On The Rise
Quick Hits  |  3/27/2012  | 
Spam, vulnerabilities, exploit code all on the decline, IBM X-Force report says
Vetting The Security Of Cloud Service Providers
News  |  3/26/2012  | 
A registry offered by the Cloud Security Alliance allows customers to compare the security measures of participating service providers. Is that enough to make cloud more secure?
FTP Ubiquitous And Dangerously Noncompliant
News  |  3/26/2012  | 
Its ease of use and prevalence notwithstanding, old-fashioned FTP introduces compliance and security risks
Microsoft, Financial Partners Seize Servers Used In Zeus Botnets
News  |  3/26/2012  | 
Most Zeus operations still untouched, but a noticeable dip in Zeus botnet activity spotted by one botnet-monitoring organization
Google Chrome Extensions: 6 Security Facts
News  |  3/26/2012  | 
Malicious Chrome extensions, once they have a toehold on your computer, can wreak havoc via your browser. Understand the security implications.
White House Sets Cybersecurity Priorities
News  |  3/26/2012  | 
Agencies should focus on safer Internet connections, continuous monitoring of systems, and authentication, says cybersecurity chief.
Microsoft Leads Zeus Botnet Server Shutdown
News  |  3/26/2012  | 
Microsoft, U.S. Marshals, and financial industry agents raid two Zeus botnet server farms that stole more than $100 million and infected 13 million PCs with malware.
Robot Jellyfish May Be Underwater Spy Of Future
News  |  3/23/2012  | 
Jellyfish-like robot, developed with Navy funds, refuels itself with hydrogen and oxygen extracted from the sea. The goal: Perpetual ocean surveillance.
Minimizing The Attack Surface Area A Key To Security
News  |  3/23/2012  | 
While many security experts lament the death of the network perimeter, the concept of attack surface area is still very much alive
Choosing The Right Vulnerability Scanner For Your Organization
Quick Hits  |  3/23/2012  | 
Vulnerability scanning plays a key role in both security administration and compliance. But which tools are right for you? Here are some tips on how to decide
Facebook's Privacy Two-Step On Passwords, Employers
Commentary  |  3/23/2012  | 
Facebook says sharing your password with a potential employer violates its rules. But will Facebook enforce this rule, when it still doesn't confirm user ages?
Compliance In An Age Of Mobility
News  |  3/23/2012  | 
Regulated companies put compliance efforts in jeopardy unless they address mobility.
Megaupload Host Wants To Delete Data
News  |  3/23/2012  | 
Movie industry association wants data retained indefinitely, but hosting company says it's too expensive. Meanwhile, questions rise over why Anonymous launched retaliatory attack--and who paid for it.
Compliance In An Age Of Mobility
News  |  3/22/2012  | 
Regulated companies put compliance efforts in jeopardy unless they address mobility
Fake Caller ID Attacks On The Rise
Quick Hits  |  3/22/2012  | 
"Vishing" attacks increased by 52 percent in the second half of last year
StopTheHacker Website Security Suite Adds 10 Hosting Partners Globally
News  |  3/22/2012  | 
Security solutions are now distributed in six additional countries
Technology Cannot Solve All Your People Problems
Commentary  |  3/22/2012  | 
Too many in business assume compliance is primarily a technology issue
Keep Your Friends Close, Especially If They Are Anonymous
Commentary  |  3/22/2012  | 
Sabu's traitorous ways remind us of the sage advice to keep your friends close and your enemies closer
'Anonymous' Legacy: Hacktivists Stole More Data Than Organized Crime In 2011 Breaches Worldwide
News  |  3/22/2012  | 
New Verizon Data Breach Intelligence Report finds 58 percent of all data stolen was the result of hacktivist attacks -- but, overall, traditional cybercriminals executed the largest number of actual breaches
Fun With REMnux -- And New Malware Analysis Book
Commentary  |  3/22/2012  | 
"Practical Malware Analysis" provides in-depth knowledge on malware analysis and includes useful lab exercises. We take REMnux for a spin with the labs
When Hackers Want Much More Than Money
News  |  3/22/2012  | 
Insider attack data breaches are down in 2011, but hacktivist attacks, with motives beyond money, are up, reports Verizon 2012 Data Breach Investigations Report.
New Botnet Emanates From Republic Of Georgia, Researchers Say
Quick Hits  |  3/21/2012  | 
Win32/Georbot steals documents, hides from anti-malware scanners
$1.5M Fine Marks A New Era In HITECH Enforcement
News  |  3/21/2012  | 
Data breach at BlueCross BlueShield of Tennessee, and subsequent penalty, stands as example of financial fallout from poor healthcare IT security practices
Duqu Alive And Well: New Variant Found In Iran
News  |  3/21/2012  | 
Researchers at Symantec dissect part of new, retooled version of the reconnaissance-gathering malware
Microsoft Donates Software To Protect Exploited Children
News  |  3/21/2012  | 
Microsoft will offer its PhotoDNA software to law enforcement free of charge to help investigators track down verified child porn.
Firefox Takes Privacy Lead With HTTPS By Default
News  |  3/21/2012  | 
Firefox users soon won't have to worry about their browsers betraying their search queries.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-3018
PUBLISHED: 2018-05-24
The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354.
CVE-2013-3023
PUBLISHED: 2018-05-24
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 might allow remote attackers to obtain sensitive information about Tomcat credentials by sniffing the network for a session in which HTTP is used. IBM X-Force ID: 84361.
CVE-2013-3024
PUBLISHED: 2018-05-24
IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362.
CVE-2018-5674
PUBLISHED: 2018-05-24
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
CVE-2018-5675
PUBLISHED: 2018-05-24
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...